Custom Feed Best Practices

Secure Access supports the feed of third-party security events and domain information through the Secure Access Feed API and destination lists. We recommend several best practices to use the most effective custom feed based destination lists.

Table of Contents

• Known Domains and Destination Lists
• Delete a Domain from Custom Destination Block List

Known Domains and Destination Lists

As your platform sends events, Secure Access validates the domain information and adds suspicious or malicious domains to your custom destination block list. If your security platform registers a security event for a known domain, Secure Access may block that domain if the event information indicates that the domain is unsafe or unknown. As a result, your networks may not have access to certain websites or files.

Before you send events to Secure Access from a third-party platform, we recommend that you create a new threat intelligence custom feeds which will create a destination list on your behalf.

Examples of Domains or Websites to Allow:

• Home page for your organization.
• Domains that represent services you provide that may have both internal and external records.
• Cloud applications that Secure Access may not be aware of or include when evaluating a domain.

Delete a Domain from Custom Destination Block List

You can remove a destination from the custom destination block list through the dashboard or the Secure Access Feed API. When you remove a destination from the custom destination list, your security appliance or platform may send a new event which includes the same domain. If this occurs, Secure Access may block the domain. To prevent unexpected blocks, we recommend that you create a destination allow list and add the domain to this destination list.

Remove a destination from a custom destination block list in the dashboard.

1. Navigate to Resources > Internet and SaaS Resources > Destination Lists, then expand your custom feed.
2. Click the x (Delete) icon.
3. Click Close.

Use the Secure Access Feed API to delete a destination from a custom destination block list.
For more information, see Threat Intelligence Feeds.

Add Threat Intelligence Feeds < Custom Feed Best Practices > Manage Notification Pages